Security audit

Auto Rental

Security checks across malware telemetry and agentic risk

Overview

The skill’s travel features are coherent, but it asks agents to install a global CLI and persist raw travel queries without clear user control or retention limits.

Review before installing. Only use this skill if you trust the flyai CLI and are comfortable with live travel queries going through that provider. Install any CLI dependency yourself or approve it explicitly, and disable or delete the local execution log unless you intentionally need it for debugging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to install a global npm package and execute an external CLI without any user confirmation or warning that this modifies the host environment. In an agent context, this can lead to unauthorized system changes, supply-chain exposure from fetched packages, and execution of untrusted code on the user's machine.

Missing User Warnings

Medium
Confidence: 95%
Finding
The runbook explicitly logs `user_query` as raw input and records detailed internal execution steps, then persists that data to a local file when filesystem access is available. This creates a clear privacy and data-retention risk because user-supplied content may include personal, financial, travel, or credential-like information, and there is no consent notice, minimization, redaction, retention control, or access restriction described.

Ssd 3

Medium
Confidence: 96%
Finding
The instructions require persistent logging of natural-language user input plus command history, fallback behavior, and output metadata, which can expose sensitive travel details and operational context if the log file is read, copied, or mishandled. In a travel-booking skill, raw queries may contain names, dates, destinations, booking preferences, and possibly passport/visa or insurance-related details, making this context more sensitive than a generic low-risk utility.

VirusTotal

66/66 vendors flagged this skill as clean.